The main difference between no-code and low-code applications is that you can easily extend low-code applications by adding your own code. This gives you both power and responsibility, and we are going to talk about some typical mistakes people make while adding their own code.

Let me show you an example of the code one of our clients was using in the BeforeLogin event:

$rs = DB::Query("select * from users where username like '".$username."'");
$data = $rs->fetchAssoc();
...

Can you tell what is wrong here? If not, keep reading.

Continue Reading "Preventing SQL injection in low-code web applications"

Welcome to DevQuest! We have built a little quest that is both fun and educational and dedicated to the topic of web development. There are eight questions total. Most of them are quite simple but some will require a bit of thinking. All of these questions can be answered with the help of your web browser and developer tools. We recommend using Google Chrome and Chrome Developer Tools but other browsers offer similar functionality.

You will need to view the page source and use the JavaScript console, the Network tab in Developer Tools, the color picker, etc. Your web browser is all you need.

Continue Reading "DevQuest contest with prizes"

Version 10.7 of PHPRunner and ASPRunner.NET is here!

Trial version download links

If you purchased PHPRunner or ASPRunner.NET less than 12 months ago, proceed to the control panel and download the registered version 10.7 there under 'My purchases'. Use the 'Reg info' link next to your latest purchase.

This new version features the following improvements:
1. Files upload to cloud providers: Google Drive, OneDrive, Amazon S3, Dropbox
2. Notification API

Let's dig into new functionality.

Files upload to cloud providers

When you set the 'Edit as' type of the field to File/Image, you now have an option to choose one of the cloud storage options.

Continue Reading "Version 10.7"

PHPRunner and ASPRunner.NET v10.6 are here!

Trial version download links

If you purchased PHPRunner or ASPRunner.NET less than one year ago, you can log on to the control panel and download the registered version of the software there.

What's new in this version

1. New security providers in version 10.6

New security providers: Azure AD, OKTA, SAML, OpenID. There is also an option to combine multiple security providers, i.e. you can use Active Directory together with database-based security.

Continue Reading "Version 10.6"

The Enterprise Edition of PHPRunner and ASPRunner.NET provides an Active Directory authentication option. It is a useful feature, but it has some restrictions. For instance, you cannot use a hybrid database/AD approach where some users use Active Directory login and others have their usernames and passwords stored in the database.

This changes in version 10.6, where Active Directory is no longer a replacement for database-based login but a supplement. Active Directory is now considered a "security provider" and works the same way as "Login via Google" or "Login via Facebook". We are also adding new security providers like OpenID, SAML, AzureAD and Okta.

This is how it works on the backend side. If you have used "Login via Google" or "Login via Facebook", you should already be familiar with this concept. When a user logs in via a third-party security provider, we create a record in the users table with a unique id that starts with fb for Facebook, go for Google, and ad for Active Directory.

Continue Reading "New security providers in version 10.6"

Some businesses may require two people to confirm certain actions; for example, big transactions may require a supervisor's approval. Another scenario: certain actions require entering a second password. This additional password can be changed daily and distributed among employees in the morning along with the secret handshake. Btw, the whole application doesn't need to be password-protected; you can add the password to a certain action.

In this article, we will show how to implement this additional password security feature. We will cover two scenarios here:
1. Password-protecting custom button
2. Password-protecting editing the field in inline mode

Continue Reading "Password-protecting additional admin actions"

Let's imagine you have a web application where multiple users are adding data at the same time, e.g. a helpdesk application where end-users submit tickets and support staff need to see new tickets as soon as possible. This article explains how to show new records on the page automatically without reloading the page. New records will also be highlighted to make them stand out.

Continue Reading "Show new records on the list page automatically"

Version 10.4 is here!

Trial version download links

This update is free of charge for those who purchased or upgraded less than one year ago. To find the new version download links and registration keys, proceed to the control panel and look under 'My purchases'. There will be a 'Reg info' link next to your latest purchase.

The two most important features in this update are our own REST API and the consumption of data provided by third-party APIs. Consumption of third-party data turned out to be the most difficult task and took more time than we expected, hence the delay. On the plus side, we are now able to work with any data, not just something that comes as a result of the SQL query. This also helped us implement a few minor but frequently requested features like OR search and data filtering in charts.

Continue Reading "Version 10.4"